A model-based approach to achieve organizational information assurance

Posted on: 2004-06-10
Degree: Ph.D
Type: Dissertation
University: Arizona State University
Candidate: Suchan, William Keith
Full Text: PDF
GTID: 1468390011467279
Subject: Computer Science
Abstract/Summary:
The protection of information is essential to the success of any organization. In spite of the growing prevalence of information theft, organizations continue to be ill-prepared to deal with the possibility of both physical and electronic assaults on their information systems. One way that organizations attempt to become proficient in information assurance is by employing personnel who are certified in Information Technology. This research challenges the tacit assumption that certification is sufficient to ensure a higher level of organizational information assurance.

This dissertation compares organizations that employ personnel certified in Information Technology against organizations that do not employ such certified personnel. Because overall information security is bound by its weakest component, it is not necessary to compare all aspects of organizational information security to achieve a valid comparison. This research establishes a reference model that identifies essential practices for the confidentiality of information in storage, and then compares organizations against that reference model. Results generated from more than 130 organizations indicate that, while organizations with certified personnel are slightly more likely to perform essential information security practices, neither group of organizations is performing very well. In one key area, those organizations with certified personnel actually leave themselves more vulnerable to electronic attack than other organizations, as nearly half of the organizations with certified personnel acknowledge having external network connections that circumvent organizational firewalls.

More stunning than the poor performance of many organizations are the indications that organizations holding critical consumer credit information do not even acknowledge a direct responsibility to safeguard that information. This leads to the conclusion that information assurance is more dependent on information security awareness than on technological advances. Another important conclusion is that organizations desiring certified personnel must be willing to pay for the cost of the certification. Over 80% of all personnel certifications represented in this research were fully funded by the organization.
Keywords/Search Tags: Information, Personnel